Solutions

Threat

The 3GRC Threat analysis service utilises leading risk intelligence, financial and active threat intelligence security feeds to analyse and report on risks associated with an organisation’s third parties. The assessment assesses technical risks based on public facing sites or infrastructure that can be exploited. Our Threat assessment offers a formal report, with risks populated uniquely within a 3GRC risk register for any remediation activities.

The 3GRC Threat Assessment starts with the completion of a simple online survey through the 3GRC platform. This identifies the key information required by our analysts to deliver the components of the 3GRC Threat service. 3GRC Threat Analysts review the feeds to fully understand the third-party risk profile from a number of different aspects including: financial risk, technical cyber risk, threat intelligence including key personnel risks and dark web threats.

Financial

3GRC will perform a Threat assessment against the business/business owners to understand the risks associated regarding the financial state of the on-boarding of a supplier. The clear financial risk scoring report provided will ensure that a thorough business review has been conducted to identify any financial risks that may be present.

Passive Threat Intelligence

Using target information provided from the 3GRC Threat survey such as company name, domain names, key personnel or customised supplier information, 3GRC will perform a passive Threat Intelligence assessment using open source intelligence collected from publicly available sources on the internet and dark web.

3GRC’s Threat Analysts have access to a large number of Threat Intelligence providers. This includes access to Open Source Intelligence feeds and commercial Threat Intelligence feeds. The data extracted by our analysts will depend on the target and information supplied. The data provided is likely to cover areas such as information related to the target from recent data breaches and anything which might be of interest collated from dark web sites and forums.

Active Technical Threat Assessment

3GRC Threat will conduct a technical Cyber Risk assessment of the supplier’s internet facing systems to identify any potential security vulnerabilities which could cause concern or impact to the on-boarding of that supplier. This can include phishing techniques and traditional penetration testing against applications or infrastructure. This assessment will require the full agreement from the supplier before it can be conducted and will be performed by 3GRC’s experienced security consultants and penetration testers.

Reporting

The key deliverable for the 3GRC Threat assessment is the report. The report will provide a clear understanding of any risks based around Financial, Technical Cyber Risk and associated with on-boarding a supplier.

Contact us today

For more information or to arrange a free demonstration of the 3GRC platform, please contact us today.